[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 30/11/13 18:19, Martijn Grooten wrote: > > Crypto is hard, implementing crypto is even harder and implementing good > crypto is incredibly difficult. So if you want to use crypto to protect > information that would be of interest to GCHQ, don't even think about > using your own brilliant new crypto. > > But there are certainly cases where steganography can be useful. Say, > you work for a medium-sized organisation and you want to blow the > whistle about some illegal and/or immoral activity a colleague is > involved in. Hiding the information inside some 'ordinary' traffic or > data could be useful in such a case. Oh yeah, definitely: steganography can be very useful - just again, don't try and make it yourself. Out of curiosity (I've never thought to look before) Debian says: ghost@failbot:~$ apt-cache search stegan mat - Metadata anonymisation toolkit outguess - Universal Steganographic tool python-stepic - Python Steganography in Images samhain - Data integrity and host intrusion alert system snowdrop - plain text watermarking and watermark recovery steghide - A steganography hiding tool > In general, ensuring your data "doesn't look like encrypted data" is a > bad idea. Yep. A really, *really* bad idea. At one place I consulted for a few years back we had one young and dumb "bright spark" who didn't think the workplace rules applied to him, and hit upon DNS tunnelling: yeah, like I hadn't thought of that. One OpenBSD logfile later and he was back in the job market. Regards -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq